Equifax CEO on whether company has encrypted its data: ‘I don't know'

By:
Craig Johnson

Updated: Nov 14, 2017 - 11:37 AM

After the year Equifax has had, you’d think the Atlanta-based credit-reporting agency would have mastered its messaging by now, but a stunning admission offered recently by a top executive illustrates how deep a public relations hole the firm has gotten itself in.

In September, the company disclosed a massive data breach that exposed as many as 145.5 million people to identity theft. Equifax said that people’s names, addresses and Social Security numbers were included in the haul, which has made companies that do business with them quite skittish.

During a hearing last week on Capitol Hill, Equifax’s new interim CEO Paulino do Rego Barros Jr. was asked by lawmakers whether the embattled company had finally encrypted its data after the breach. His answer? “I don’t know at this stage,” according to Boingboing.net.

We don’t have to tell you how incredible this is, especially after a security expert went public saying that he previously exposed Equifax’s cybersecurity vulnerabilities to the company way before the breach. The researcher, who spoke to news site Mother Jones on a condition of anonymity, said that the Atlanta-based company didn’t take his advice, which was given in December.

“It should’ve been fixed the moment it was found. It would have taken them five minutes, they could’ve just taken the site down,” the researcher said. “In this case it was just ‘Please take this site down, make it not public.’ That’s all they needed to do.”

In Washington, Barros was joined by his predecessor at Equifax, Richard Smith, who also had an unflattering moment when he told a Colorado senator that before the massive hack, the company deliberately chose not to encrypt its data. Smith used his answer to deflect from the importance of encryption, saying, “It’s a more modern environment with multiple layers of security that did not exist before. Encryption is only one of those layers of security,” Boingboing reports.

The Equifax honchos were just two of several executives from U.S. companies grilled by lawmakers on the Congressional Committee on Commerce, Science, and Transportation during hearings on “Protecting Consumers in the Era of Major Data Breaches.”

Former Yahoo Chief Executive Marissa Mayer apologized to the panel for two data breaches suffered by the tech giant, blaming one of them on the Russians.

“While all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users’ data,” Mayer said, according to Yahoo. You can see some of the proceedings, including answers from Smith, Barros and Mayer, in the video below.

Money expert Clark Howard says in the aftermath of the massive data breach — and even before it happened— the main protection U.S. consumers have is to freeze their credit. “It’s imperative that you freeze your credit with all three main credit reporting agencies: Equifax, Experian and TransUnion,” he writes.

In September, the company disclosed a massive data breach that exposed as many as 145.5 million people to identity theft. Equifax said that people’s names, addresses and Social Security numbers were included in the haul, which has made companies that do business with them quite skittish.